Specifications

DOCSIS 1.1 for Cisco uBR905 and Cisco uBR925 Cable Access Routers and Cisco CVA122 Cable Voice Adapters
Information About DOCSIS 1.1 Support
Cisco IOS Release 12.2(15)CZ
DOCSIS 1.1 cable modems can coexist with DOCSIS 1.0 and 1.0+ cable modems in the same
network—a DOCSIS 1.1 CMTS provides the levels of service that are appropriate for each cable
modem.
Baseline Privacy Interface Plus
DOCSIS 1.0 included a Baseline Privacy Interface (BPI) to protect user data privacy across the
shared-medium cable network and to prevent unauthorized access to DOCSIS-based data transport
services across the cable network. BPI encrypts traffic across the RF interface between the cable modem
and CMTS, and also includes authentication, authorization, and accounting (AAA) features.
BPI supports access control lists (ACLs), tunnels, filtering, protection against spoofing, and commands
to configure source IP filtering on RF subnets to prevent subscribers from using source IP addresses that
are not valid. These lists can be implemented either through CLI commands or by setting SNMP
attributes through the DOCSIS configuration file.
DOCSIS 1.1 enhances these security features with Baseline Privacy Interface Plus (BPI+), which
includes the following enhancements:
• X.509 digital certificates provide secure user identification and authentication. Each DOCSIS 1.1
  cable modem contains a certificate that uniquely identifies it to the CMTS. This certificate is chained
  to the manufacturer’s digital certificate, which securely authenticates the cable modem. The
  manufacturer’s certificate in turn is chained to and verified by the DOCSIS certificate authority (CA)
  root certificate.
• Key encryption uses 168-bit Triple DES (3DES) encryption that is suitable for the most sensitive
  applications.
• 1024-bit public key exchange uses PKCS #1 Version 2.0 encryption to ensure the secure generation and
  transmission of the public encryption keys between the CMTS and CM.
• Encryption of multicast broadcasts allows users to receive only those broadcasts they are authorized
  to use.
• Secure software download, using a PKCS #7 digital signature, allows a service provider to upgrade a
  cable modem’s software remotely, without the threat of interception, interference, or alteration.
Note: BPI+ is described in the Baseline Privacy Interface Plus Specification (SP-BPI+-I08-020301), available
from CableLabs (http://www.cablelabs.com).
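The three-level chain listed above (cable modem certificate, manufacturer certificate, DOCSIS root CA) can be exercised with Go's standard crypto/x509 package. This is an added example, not Cisco or CableLabs code. The certificate names, serial numbers, lifetimes, RSA-2048 keys, and the issue, check and VerifyModem helpers are all constructed for illustration.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue builds a constructed sample certificate signed by parent (self-signed if nil).
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key, err := rsa.GenerateKey(rand.Reader, 2048) // key size is an assumption
	check(err)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true} // key usage extensions omitted for brevity
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

// VerifyModem checks CM cert -> manufacturer cert -> trusted root, as of time at.
func VerifyModem(cm, mfg, root *x509.Certificate, at time.Time) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inter.AddCert(mfg)
	_, err := cm.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

func main() {
	root, rootKey := issue("Constructed DOCSIS Root CA", 1, true, nil, nil)
	mfg, mfgKey := issue("Constructed Manufacturer CA", 2, true, root, rootKey)
	cm, _ := issue("Constructed CM 00:00:5E:00:53:01", 3, false, mfg, mfgKey)
	fmt.Println("chain verifies today:", VerifyModem(cm, mfg, root, time.Now()) == nil)
}
```

VerifyModem returns an error when the modem certificate was issued by a CA that does not chain to the trusted root, or when any certificate in the chain is checked outside its validity period.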
X.509 Digital Certificates
BPI+ uses digital certificates and a public key infrastructure (PKI) that are based on the International
Telecommunications Union (ITU) X.509 Version 3.0 standard. The key components of the X.509
standard are the following:
• Digital certificate—Uniquely identifies the cable modem. The digital certificate contains the
  following information:
  – User name and organization—Identify the product and its manufacturer.
  – Certificate effective date and expiration date—Give the range of dates for which the certificate
    is valid.
  – User public key—Allows other entities, such as the CMTS, to verify the certificate.